Pentagon sticks to its guns on single-award approach to JEDI Cloud, but won’t tell vendors why

Despite months of protestations from industry, the Defense Department says it has no intention of budging from its plans to make just one award in its upcoming contract for commercial cloud computing services.

The Pentagon released a second draft request for proposals for the project, known as “JEDI,” on Monday, adding that the latest round of documentation “substantially” reflects the final solicitation it intends to publish in May.

The package also included responses to more than 1,000 questions vendors posed in response to DoD’s first draft solicitation last month. The majority were queries dealing with technical or narrow requirements issues. But dozens of others questioned DoD’s broader winner-take-all approach, implored the department to consider a multiple-award contract, or asked officials to at least publish their rationale for going the single-award route.

Patrick Shanahan

“The objective of achieving commercial parity seems contrary to the duration and single award aspects of this contract,” wrote one of the vendors, all of whose identities were made anonymous. “The single-award removes competition, which was the very impetus that drove the current cloud market. Also, the potential duration for this vehicle is 10 years, nearly equal to the age of the cloud market. This duration fails to recognize how fast this market is changing … the structure of this vehicle locks DoD into one vendor for the next decade.”

DoD’s contracting office said it still planned to press forward with a single award indefinite-delivery/indefinite-quantity (ID/IQ) contract, one which officials have previously said will be worth billions of dollars, but added that different vendors were free to team together to combine multiple cloud offerings into a single bid.

In reply to most questions raising objections to the one-contract approach, the department said simply, “Your comment has been noted.”

Several other vendors pointed out that federal law explicitly requires the government to award its ID/IQ contracts to multiple vendors if at all possible. And when it doesn’t, the Federal Acquisition Regulation requires it to document its decision to opt for single-award.

“What is DoD’s rationale for a single award given that DoD anticipates multiple providers can meet the requirements in this RFP, and the department’s stated desires to innovate and leverage commercial companies?” another company asked. “A 10-year, single award contract does not seem to encourage the experimental, risk-taking culture and environment of innovation called out in [Deputy Defense Secretary Patrick] Shanahan’s memo.”

The department’s response: “This rationale is not going to be published at this time.”

Considering that the JEDI project is a high priority for Shanahan, and one that he personally launched, several other questions had to do with how the eventual services DoD buys under the contract will interact with the many other cloud efforts the department already has underway.

Advertisement

Some examples include the Defense Information Systems Agency’s MilCloud offering — the latest version of which will be operated entirely by a commercial provider — and a multiple-award Navy enterprise cloud contract that service hopes to award later this year.

DoD mostly sidestepped those questions, other than to say that the JEDI project won’t prohibit individual services and agencies from setting up their own contract vehicles for buying cloud services.

“JEDI Cloud is only the initial step to provide the underlying foundational technologies required to maximize the capabilities of weapon systems, business systems, and data-driven decision-making for the military,” Lt. Col. Kaight Meyers, the JEDI program manager wrote in a memo accompanying Monday’s package of documents. “JEDI Cloud is intended to be available enterprise-wide and complementary to other existing cloud initiatives. It will not preclude the release of future contracting actions. Please understand that the JEDI Cloud team is focused on developing a high quality RFP package for JEDI Cloud and will not comment on the intended use of other contracting vehicles as part of this draft solicitation process.”

However, DoD did make some substantive changes in Monday’s updated draft solicitation. Among them:

  • A revised cybersecurity plan. In it, the department clarified that the winning vendor will not need to have earned the necessary “FedRAMP Plus” security approvals by the time the contract is awarded, and can do so after the fact. Currently, as one vendor pointed out, only one company (Amazon Web Services) has been certified for both classified and unclassified data.
  • In an effort to maintain “commercial parity,” DoD’s previous draft solicitation said the department would only make an award to a cloud provider whose commercial business was already large enough that JEDI would not make up a majority of its services. The updated version clarifies that the winning vendor’s non-Defense services across the globe will have to stay above 50 percent of its overall business, a statistic it will have to report each month.
  • Considering that DoD is insisting on one vendor that already has a massive commercial business, several vendors questioned how the department would meet its 30 percent small business contracting goal for JEDI. The updated solicitation says small businesses will only be able to provide “cloud support.”

Read more of the DoD Reporter’s Notebook.